Newer versions of GnuTLS is out there, so we should update it.
GnuTLS is now upgraded. The new version included a fix we had a patch for before (Bug 7481).
I could reproduce this in 4.11 and the fix present in 4.12 still works after upgrading GnuTLS. Tested on RHEL8 server.
I also updated libtasn1 and nettle in conjunction with the GnuTLS upgrade.
Tested that Webaccess works well against RHEL8 server on:
Fedora 31 - Chrome 83, Firefox 77.
Windows 10 - Internet Explorer 11, Microsoft Edge 44.
macOs 10.15 - Safari 13
iOS 13.5 - Safari
Android 8.1 - Chrome 83
And additionally tested smart card authentication (to test libtasn1) with the client on Fedora 31.
All of the tests were done before the commit.
This upgrade fixes two GnuTLS security problems. But these two does not affect us.
discussed further in Bug 7515.
which is an issue in DTLS and as it uses UDP it's not an problem for ThinLinc.
Also looked into the release notes of libtasn1 and nettle, couldn't find anything noteworthy there.
I can confirm that the build system has an updated GnuTLS. Also tested connecting Epiphany, Chrome and Firefox on Linux to tlwebaccess, as well as Internet Explorer. No complaints from any browser (except untrusted issuer).
Also tried some various smart cards and all could be read by tlclient.